Draft: Adding a first early draft on handling of digital signatures

discovery/readme.md

@@ -104,7 +104,7 @@ Append the product part of the TEI to the URI found
 
 - TEI: `urn:tei:uuid:products.example.com:d4d9f54a-abcf-11ee-ac79-1a52914d44b1`
 - DNS record: `_tei._tcp.products.example.com`
-- URI in DNS: `://www.example.com/transparency/`
+- URI in DNS: `https://www.example.com/transparency/`
 - URL: `https://www.example.com/transparency/d4d9f54a-abcf-11ee-ac79-1a52914d44b1/`
 
 If no DNS URI records are found the resolution defaults to A and AAAA records.

doc/tea-usecases.md

@@ -4,12 +4,22 @@ An overview of use cases to consider for the Transparency Exchange API. The use
 are marked with a short code for reference. All use cases needs a story like "Alice has bought
 a..."
 
-## C1: Consumer: Automated discovery based on SBOM identifier
+The use cases are divided in two categories:
+
+* Use cases for __customers__ (end-users, manufacturers) to find a repository with 
+  Transparency Artefacts for a single unit purchased
+* Use cases where there are different __products__
+  * This applies after discovery where we need to handle various things a customer may 
+    buy as a single unit
+
+## Customer focused use cases
+
+### C1: Consumer: Automated discovery based on SBOM identifier
 
 As a consumer that has an SBOM for a product, I want to be able to retrieve VEX and VDR files automatically both for current and old versions of the software. In the SBOM the product is identified by a PURL or other means (CPE, …)
 
 
-## C2: Consumer: Automation based on product name/identifier
+### C2: Consumer: Automation based on product name/identifier
 
 As a consumer, I want to download artifacts for a product based on known data.
 A combination of manufacturer, product name, vendor product ID, EAN bar code or other unique identifier.
@@ -19,16 +29,16 @@ product variant and version.
 If the consumer is a business, then the procurement process may include delivery of an SBOM with proper identifiers and possibly URLs or identifiers in another document, which may bootstrap the discovery process in a more exact way than in the case of buying a product in a retail market.
 Alice bought a gadget at the gadget store that contains a full Linux system. Where and how will she find the SBOM and VEX for the gadget?
 
-## C3: Consumer: Artifact retrieval 
+### C3: Consumer: Artifact retrieval 
 
 As a consumer, I want to retrieve one or more supply chain artifacts for the products that I have access to, possibly through licensing or other means. As a consumer, I should be able to retrieve all source artifacts such as xBOMs, VDR/VEX, CDXA, and CLE.
 
-## C4: Consumer: Summarized CLE
+### C4: Consumer: Summarized CLE
 
 As a consumer, I want the ability to get the current lifecycle values for a given product.
 A CLE captures all lifecycle events over time, however, there is a need to retrieve only the current values for things like product name, vendor name, and milestone events.
 
-## C5: Consumer: Insights
+### C5: Consumer: Insights
 
 As a consumer, I want the ability to simply ask the API questions rather than having to download,
 process, and analyze raw supply chain artifacts on my own systems. Common questions should be
@@ -37,45 +47,62 @@ the Common Expression Language (CEL).
 
 _NOTE_: Project Hyades (Dependency-Track v5) already implements CEL with the CycloneDX object model and has proven that this approach works for complex queries.
 
-## D1: Developer/PM - Components for inclusion in products by other projects/developers
+### D1: Developer/PM - Components for inclusion in products by other projects/developers
 
 A developer needs a component - software, library (open source and/or proprietary) to include
 in a product - publicly available (may be commercial) or in an internal system.
 Developer can be individual, company or public sector.
 They need insight into the library or component and be able to automatically keep upstream
 artefacts up to date.
 
-## B1: Business consumer
+### B1: Business consumer
 
 Acme LLC buys 3 000 gadgetrons from Emca LTD to be distributed over a retail chain. Acme runs an in-house vulnerability management system (Dependency Track) to manage SBOMs and download VEX files to check for vulnerabilities. Acme has products from exactly 14.385 vendors in the system.
 How will their systems get continuous access to current and old documents - attestations, SBOM, VEX and other files?
 
-## E1: Third party: Regulators
+### E1: Third party: Regulators
 
 Alice & Bob Enterprises AB has gotten a EUCC certification to get their Whola Firewall certified
 for CRA-compatible CE labeling. In order to maintain the certification the certifying body needs
 access to SBOM and VEX updates from A&BE in an automated way.
 
-## E2: External potential customer - insights before purchase
+### E2: External potential customer - insights before purchase
 
 Palme Auditors INC wants to buy the ACME SWISH product from a vendor. They want to examine vulnerability handling and get some insights into the products before making a decision.
 
-## E3: Hacker or competition
+### E3: Hacker or competition
 
 There are non-customers and not-to-be-customers that wants to get insight into how a product is
 composed by getting the transparency docs.
 
-## E4: Open Source user
+### E4: Open Source user
 
 Palme Inc considers using the asterisk.org open source telephony PBX.
 They need to make an assessment before starting tests and possible production use.
 The can either use the Debian package, the Alpine Linux Package or build a binary themselves from source code.
 How can they find the transparency exchange data sets?
 
 
-## O1: Open Source project
+### O1: Open Source project
 
 The hatturl open source project publish a library and a server side software on Github. This is
 later packaged as packages in many Linux distributions.
 
 How does the project publish artefacts? What are the requirements?
+
+## Product focused use cases
+
+### P1: A standalone app
+
+Customer buys a standalone application that is delivered as a binary
+
+### P2: A OCI container
+
+Customer gets a container with many third party components and a binary
+software developed by the manufacturer
+
+### P3: Embedded system
+
+### P4: Package with many devices
+
+### P5: An Open Source software library

signatures/signature.md

@@ -0,0 +1,122 @@
+# Trusting digital signatures in TEA
+
+Software transparency requires a trust platform so that users
+can validate the information and artefacts published. Given
+the situation today any information published is better than
+none, so the framework for digital signatures will not
+be mandatory for API compliance. Implementations may
+require all published information to be signed and
+validated.
+
+Within the
+API documents can be signed with an electronic
+signature. CycloneDX boms supports signatures within
+the JSON file, but other artefacts may need external
+signature files, a detached signature.
+
+- __Integrity__: Documents dowloaded needs to be the same
+  as documents published
+- __Identity__:
+  - Customers need to be able to verify the
+  publisher of the documents and verify that it is
+  the expected publisher.
+  - A TEA server may want to verify that published
+  documents are signed by the expected publisher
+  and that signatures are valid.
+
+In order to sign an object, a pair of asymmetric keys will be
+needed. The public key is used to create a certificate, signed
+by a certificate authority (CA). The private key is used for
+signing and needs to be protected.
+
+A software publisher may buy CA services from a commercial vendor
+or set up an internal solution. The issue with internal PKIs is that
+external parties do not automatically trust that internal PKI.
+
+This document outlines a proposal on how to build that trust and
+make it possible for publishers to use an internal PKI. It is
+of course important that this PKI is maintained according to
+best current practise.
+
+## API trust
+
+The TEA API is built on the HTTP protocol with TLS encryption
+and authentication, using the https:// URL scheme.
+
+The TLS server certificate is normally issued by a public Certificate
+Authority that is part of the Web PKI. The client needs to validate
+the TLS server certificate to make sure that the certificate name
+(CN or Subject Alt Name) matches the host part of the URI.
+
+If the certificate validates properly, the API can be trusted.
+Validation proves that the server is the right server for the
+given host name in the URL. This trust can be used to
+implement trust in a private PKI used to sign documents. In
+addition, trust anchors can be published in DNS as an extra
+level of validation.
+
+## Getting trust anchors
+
+Much like the EST protocol, the TEA protocol can be used
+to download trust anchors for a private PKI. These are
+PEM-encoded certificates in one single text file.
+
+The TEA API has a `/trust-anchors/` API that will download
+the current trust anchor APIs. This file is not signed,
+that would cause a chicken-and-egg problem. The certificates
+in the file are all signed.
+
+An implementation should download these and apply them only
+for this service, not in global scope. A PKI valid for example.com
+is not valid for example.net.
+
+## Validating the trust anchors using DNSsec (DANE)
+
+## Digital signatures
+
+### Digital signatures as specified for CycloneDX
+
+> "Digital signatures may be applied to a BOM or to an assembly within a BOM.
+> CycloneDX supports XML Signature, JSON Web Signature (JWS), and JSON Signature Format (JSF).
+> Signed BOMs benefit by providing advanced integrity and non-repudiation capabilities."
+<https://cyclonedx.org/use-cases/#authenticity>
+
+### External (detached) digital signatures for other documents
+
+- indication of hash algorithm
+- indicator of cert used
+- intermediate cert and sign cert
+
+### Validating the digital signature
+
+## Using Sigstore for signing
+
+Sigstore is an excellent free service for both signing of GIT commits as well
+as artefacts by using ephemeral certificates (very shortlived) and a
+certificate transparency log for validation and verification.
+Sigstore signatures contain timestamps from a timestamping service.
+
+## Suggested PKI setup
+
+### Root cert
+
+#### Root cert validity and renewal
+
+### Intermediate cert
+
+#### Intermediate cert validity and renewal
+
+### Signature
+
+#### Time stamp services
+
+### DNS entry
+
+## References
+
+- IETF RFC DANE
+- IETF DANCE architecture (IETF draft)
+- IETF Digital signature
+- JSON web signatures (JWS) - <https://datatracker.ietf.org/doc/html/rfc7515>
+- JSON signature format (JSF) - <https://cyberphone.github.io/doc/security/jsf.html>
+- [IETF Enrollment over Secure Transport (EST) RFC 7030](https://www.rfc-editor.org/rfc/rfc7030)

tea-collection/tea-collection.md

@@ -0,0 +1,50 @@
+# The TEA Collection object
+
+For each product and version there is a Tea Collection object, which is a list
+of available artifacts for this specific version. The TEA Index is a list of
+TEA collections.
+
+The TEA collection is normally created by the TEA application server at
+publication time of artifacts.
+
+If there are any updates of artifacts within a collection for the same
+version of a product, then a new TEA Collection object is created and signed.
+This update will have the same UUID, but a new version number. A reason
+for the update will have to be provided. This shall only be used to
+correct mistakes, spelling errors and similar things. If the product
+is modified, that is a new product version and that should generate
+a new collection object with a new UUID and updated metadata.
+
+## Collection object
+
+The TEA Collection object has the following parts
+
+* Preamble
+  * UUID of collection object
+  * Product name
+  * Product version
+  * Product Release date (timestamp)
+  * TEA Collection object release date (timestamp)
+  * TEA Collection object version (integer starting with version 1)
+  * Reason for update/release of TCO - clear text
+    * "New product release"
+    * "Corrected dependency in SBOM that was faulty"
+    * "Added missing In-Toto build attestation"
+* List of artifact objects (see below)
+* Optional Signature
+
+The artifact object has the following parts
+
+* Artifact UUID
+* Artifact name
+* List of objects with the same content. The order of the list has no significance.
+  * UUID for subdoc
+  * Optional BOM identifier
+    * SPDX or CycloneDX reference to BOM
+  * MIME media type
+  * Artifact category (enum)
+    * https://cyclonedx.org/docs/1.6/json/#externalReferences_items_type
+  * Description in clear text
+  * URL for downloads
+  * Size in bytes
+  * SHA384 checksum